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Abstract 

Location based services (LBS) are one of the most 
promising and innovative directions of convergence tech- 
nologies resulting of emergence of several fields including 
database systems, mobile communication, Internet technol- 
ogy, and positioning systems. Although being initiated as 
early as middle of 1990' s, it is only recently that the LBS 
received a systematic profound research interest due to its 
commercial and technological impact. As the LBS is related 
to the user's location which can be used to trace the user's 
activities, a strong privacy concern has been raised. To 
preserve the user's location, several intelligent works have 
been introduced though many challenges are still awaiting 
solutions. This paper introduces a survey on LBS systems 
considering both localization technologies, model and ar- 
chitectures guaranteeing privacy. We also overview crypto- 
graphic primitive to possibly use in preserving LBS's pri- 
vacy followed by fruitful research directions basically con- 
cerned with the privacy issue. 

1. Introduction 

The location based services (LBS) are convergence of 
different technologies resulting of the recent development 
of the mobile communication and computing, Internet tech- 
nology, geographical information systems (GIS) (47) , spa- 
tial database systems, and others. Though the LBS as a 
technological direction was initially innovated at the end of 
the last century, it is only a few years ago that it received 
a strong interest of research due to its applications that 
promise a huge commercial impact in the major technology 
consuming and producing regions in the world. For exam- 
ple, according to ZDnet |f5T| , the market size of LBS in Eu- 
rope will grow to 622 million € in 2010 with an annual in- 
crement of 34% from 2006 and the users to grow to 3 1 5 mil- 
lion from the current 12 million users all around the world 
for the same period. In Asia, according to INDOORLBS 1221 . 



the market size as of 2006 was 291.7 million US dollars and 
will be growing at the end of 2009 to count for 447 millions 
with an annual growth of 15.3% where Japan and Korea 
share 92% of the market size due to their assisting IT infras- 
tructure. The applications of LBS systems include different 
services with ranging profit fields. To mention some exam- 
ple, recent LBS applications include location-based traffic 
report, store finder, and advertisement, among others. In 
the following we discuss the main scenarios and architec- 
tural view of these applications. 

The basic scenario of the LBS assumes the existence 
of three distinct entities which are the LBS server or LBS 
provider, the mobile operator, and the mobile user. The flow 
of the LBS, as shown in Figure [T] goes as follow: first the 
mobile user request the LBS server to provide him or her the 
available specific set of services within his/her location's 
area and directions to get into them. Upon that, the LBS 
server contact the concerned mobile provider to retrieve the 
user's location. The mobile provider, using of the location 
technologies that will mentioned later, determines the user's 
location and send it back to LBS server which make a query 
listing the available service within the user's location and 
send it back to the user. More details and the flow of other 
technique is shown in section|2] 

Obviously, to be able to provide the specific set of ser- 
vices for the user within a reasonably accessible range from 
the user's current location, the user's location is needed 
by the LBS server. However, providing the exact loca- 
tion would breach the users privacy. Accordingly, several 
mechanisms are systematically studied in order to provide 
both service and privacy to the user in the LBS system. 
These mechanisms are classified according to the rule of 
the user and underlying technique for hiding the users lo- 
cation. Architecturally, the mechanisms guaranteeing pri- 
vacy are classified according to the users role into: non- 
cooperative mechanisms, centralized trust third party mech- 
anisms, and peer-to-peer cooperative mechanisms. Accord- 
ing to underlaying technique for hiding the user's location, 
these mechanisms are classified into cryptographic and non- 



cryptographic techniques. More details on these techniques 
will be shown later in this article. 

This paper introduces a survey on the LBS systems 
demonstrating the used technologies and techniques and de- 
tailing cryptographic primitives to be used in order to pro- 
vide a favorable privacy. The rest of this paper is organized 
as follows: [2] introduces the localization techniques used 
in LBS systems, section [3] introduces the issues of the pri- 
vacy in LBS systems considering architectures and R&D 
projects, section |4] surveys main cryptographic primitives, 
section[5]introduces directions for further research and sec- 
tion|6]draws concluding remarks. 
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Figure 2. Flow of LBS using handset-based 
localization model 





2. Localization techniques 

Localization techniques are classified in a high level and 
low level categories. This sections review the classification 

2.1. High level classification 

High level classification considers the rule of the user 
where the techniques are into three parts which care 
networks-based, handset-based and hybrid locations. The 
network-based localization uses existing infrastructure of 
the mobile operator (i.e., provider) in order to measure the 
user's current location. The techniques used for measur- 
ing the location range from the very accurate methods (e.g., 
triangulation) to the least accurate methods (e.g., cell-ID). 
The accuracy of the location determined using these meth- 
ods is mainly based on the concentration of the base stations 
within the network. Therefore, high accuracy is achievable 
in the urban areas while less accuracy is possible in the sub- 
urbans. The main challenge of this technique, however, is 
that the LBS provider needs to work closely with the mobile 
provider to install hardware and software within the opera- 
tors infrastructure. While on the other side it requires a leg- 
islation infrastructure in order to compel the cooperation of 
the service provider and safeguard the privacy of the differ- 
ent users. Examples of such frameworks include E911 ifTTl 
in the US and E112 [14] in Europe. An illustration of the 
LBS flow using this technique is shown in Figure Q] 

The Handset-based localization uses the handset itself 
in order to determine the user's location. It requires instal- 
lation of software or hardware pieces on the handset in or- 
der to make it able to compute the mobile user's location. 
The mainly challenge when using this technique is the re- 
quirement of an active cooperation of the mobile subscriber 
as well as the software that must be able to handle differ- 
ent OS setting and types. Currently, only smart phones are 
able to run that software. The used techniques for handset- 
based localization also range in accuracy and include signal 
strength computation of the home and neighboring cells, 
latitude and longitude determination (i.e., when using the 



GPS), and others. An illustration of the LBS flow using this 
technique is shown in Figure [2] 

Finally, the hybrid-based localization, uses both of the 
above techniques to determine the mobile user's location. 
While having the advantage of both techniques and provid- 
ing the highest accuracy, it also inherits the shortcomings of 
both schemes. An example of the hybrid-based localization 
is the A-GPS (assisted GPS). 

2.2. Low level description 

A lower level classification of these techniques is done 
according to the used localization technology rather than 
the initiator or performer of localization. This classification 
is shown in Figure [3] and detailed as follows (further details 
on these techniques and others are detailed in l48l ): 

• Global Positioning System (GPS): uses a global navi- 
gation satellite system (GNSS) utilizing more than 24 
medium Earth orbit satellites that transmit microwaves 
enabling GPS -receivers to determine their location, 
speed, direction and times. Other similar systems in- 
clude the Russian GLONASS EJ, the EU's Galileo 
lfl3l . and the Chinese COMPASS navigation system 
(extension BEIDOU 1421 1. 

• Assisted GPS (A-GPS): uses both the network- and 
handset-based techniques to determine the user's lo- 
cation. This techniques is mainly used in urban areas. 

• Angle of Arrival (AOA): is based on the angle at which 
device's transmitted signal arrive at the based station. 

• Time difference of arrival (TDOA): works on deter- 
mining time difference and therefore the distance from 
each base station to the mobile phone. 

• Time of Arrival (ToA): similar to the TDOA but differs 
in that the base station uses the absolute time rather 
than the difference to compute the distance. 

• Observed Time Difference (OTD): is based on the time 
difference between sending and receiving user's signal 
and translating the difference into distance. 
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Figure 1. Flow of LBS using network-based localization model 
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Figure 3. Location measuring techniques 



Enhanced OTD - (EOTD): is similar to the TDOA 
where the time is measured by mobile device but not 
the base station. Accuracy from 50 to 200 meters. 
Cell-ID: Measures the location of the user according to 
its nearest mobile cell; cheapest and the least accurate. 
Currently used by most LBS providers in Europe. 
Enhanced Cell-ID: with this technique, one can obtain 
same accuracy as of the Cell-ID but in rural areas. 



3. The Privacy Issue 

The need for privacy in the LBS systems is very obvi- 
ous and critical. Since the location information of the user 
can be used to trace the user's activities and pattern of life, 
it is necessary to keep such information private from possi- 
ble adversary. In order to legislate this, several laws, acts, 
and directions have been made. All of these laws are not 
limited to the LBS but any system that carries private data. 
Examples of these acts include (1) Health Insurance Porta- 
bility and Accountability Act (HIPAA) in the United States 
of America B31l . (2) Canadian Personal Information Protec- 
tion Act (PIPEDA) in Canada J9J, (3) Directive 95/46/EC 
on the protection of personal data in the European Union 
|fT31 , and (4) ISO/TC 215, a standardization initiative for 
general regulations defining private/personal data and us- 
ages. 



3.1. Architectures Achieving Privacy 

There are three different architectures for achieving the 
privacy in the LBS. These architectures are classified ac- 
cording to the rule of user and existence of third party as 
follows: 

1 . Non-cooperative model: In the model, the user uses 
his own capability and knowledge to hide his location 
using one of the hiding techniques. These hiding tech- 
niques include Pseudonimity, false dummies and land- 
mark objects. This model is also known for its sim- 
plicity in design and vulnerability to several attacks. 

2. Centralized trust third party (TTP) model : This 
model relies on using a trust third party for performing 
the heavy work in determining the proper technique 
for anonymizing the location of the user, requesting the 
service with the anonymized location and returning the 
result to the user. Though being the most accurate and 
achieving the highest privacy level, this model suffers 
from being very sophisticated in its design where the 
TTP represents a challenging bottleneck. 

3. P2P cooperative model: In this model, several users 
tries to cooperate and compute their location or hide 
their location information in a distributed manner in 
order to achieve a proper privacy. In this model, the 
cryptographic primitives (such like OT, adaptive OT, 
proxy OT, and others) play an important rule in secure 
computation. Also certificates can be used for approv- 
ing the trustworthiness of the users. 

3.2. Related R&D Projects 

Several research and developments projects have been 
performed or currently running in order to protect the pri- 
vacy of individuals users in different networking settings 
including the LBS systems. This section summarizes some 
of these efforts. 



1. Privacy and Identity Management for Europe 
(Prime) |38|: This project was supported by the Eu- 
ropean commission under the FC6 support grants and 
ran from March 2004 to February 2008. Participants 
to this projects included 18 R&D institutes and re- 
search centers which mainly from or operating in Eu- 
rope. Topics covered in this project included access 
and policy control, contents and semantics, location 
and communication, cryptography in LBS and vehic- 
ular networks, trust and reputation management, pro- 
tection and anonymity, and anomaly credentials. Re- 
sults in this work included several innovative solutions 
for some of the existing problems in the above issues, 
several prototypes, and initiative for several standard- 
izations efforts. 

2. PrimeLife:|39i] is an extension of the above project 
and based on a joint fund from FP7 and ICT run- 
ning from March 2008 for 36 months. Participants 
in this project include 14 research and developments 
institutes from both the industry and academia. Par- 
ticipants are mainly from Europe and the main topic 
of research concerned with protection and enhancing 
privacy of users in next generation Internet environ- 
ment services including WEB 2.0, mobile Internet, etc. 
Though not directly related to the LBS, the project 
dealing with the mobility as an important theme of 
the next generation Internet may relate to theme of the 
LBS in a way or another. 

3. Privacy in Ambient Word (PAW) (36): This project 
is made to answer several questions such like: Is it 
in theory possible to protect mobile software against 
privacy and security attacks while these programs are 
executed at untrustworthy hosts operated by the user 
or operated by an unknown user. Also, are conven- 
tional cryptographic algorithms applicable in mobile 
environments. Several works have introduced in this 
directions and mainly focused on theoretical and cryp- 
tographic bases. The project ran from 2004 to 2008 
(completed). 

4. FIDIS network of excellence (FIDIS) Q8): FIDIS 
(abbreviation for Future of IDentity in the Informa- 
tion Society) is a network 24 European industrial and 
academic institute that perform research towards tack- 
ling the problems related to the ID management with 
concentration on the following sub-areas: identity 
management (foundations), interoperability of iden- 
tity and identity management systems (IDMS), profil- 
ing, forensic implications of IDMS, privacy and legal- 
social issues of identity, mobility and identity, ID-theft, 
privacy and security, among others. Though this is not 
directly related to the LBS and its privacy, the iden- 
tity (as a threat of privacy) is a general concept which 
apply to several settings include that of LBS. 



4. Cryptographic Primitives 

The cryptographic direction as a solution for guaran- 
teeing privacy in the LBS systems has not been used yet. 
Though, a great deal of work have been before on the cryp- 
tographic primitives in other networking and technological 
settings that are awaiting a practical use in LBS. In the fol- 
lowing we detail a set of these primitives that have a strong 
and promising relationship with the LBS. 

4.1. Blind signature 

The blind signature is introduced firstly by David Chaum 
iflOl and it works as follows: Firstly, the owner of the mes- 
sage produces the product of the message and a blinding 
factor r e as m = mr e mod N where m , the blinded 
message, does not reveal any information about the original 
message m. Then, the signing authority signs, the message 
as follows to reveal s as follows s = (m ) d mod N. Af- 
ter that, s is returned to the author of the message who 
can remove the blinding factor performing the following 
s = s * r _1 mod N. Obviously this works because the 
property of the RSA keys satisfying r ed = r mod N . I.e., 
s = s * = (m ) d r~ 1 = m d r ed r ~ l = m d rr^ 1 = m d 
mod N, where the final result is the typical RSA signature. 

The applicability of the blind signature to the privacy 
is very direct and essential. Assuming cooperative sce- 
nario for introducing privacy, any device in the LBS sys- 
tem using the blind signature technique still sign a message 
from any LBS device without having access to the con- 
tents of the message itself (guaranteeing the privacy of its 
owner). Extensive work has been performed on blind sig- 
natures on the context of e-voting and e-cash among others 

mum nana . 

4.2. Oblivious transfer (OT) 

The oblivious transfer (OT) protocol is a method used 
for secure computing in which the sender sends some in- 
formation to the receiver but remains oblivious to what the 
receiver has received. 11341 . Broadly, the OT protocols are 
divided into two main protocol categories which are 1 — 2 
OT and 1 — n OT (read as 1 out of 2 and 1 out of n respec- 
tively). The 1 — 2 OT, firstly discussed by Even et al. in ifTBI 
and based on RSA l40l assumes a sender which has mo and 
nil as messages and receiver that has a bit b. The sender 
wants to make sure that the receiver receives one message 
only among his messages (to;,) and the sender wants to re- 
ceive nib but without making the sender knows the bit b 
itself. Technically, it works as follows: 

1. The sender generates RSA keys, including the mod- 
ulus n, the public exponent e, and the private expo- 



nent d, and picks two random messages ro and n, and 
sends n, e, ro, and r\ to the receiver. 

2. The receiver picks a random message k, encrypts k, 
and adds r& to the encryption of fc, modulo n (i.e., 
E(k) + rb mod n), and sends the result g to the 
sender. 

3. The sender computes fco to be the decryption of q — ro 
and similarly k\ to be the decryption of q — r-y, and 
sends mo + fco and mi + k\ to the receiver. 

4. The receiver knows fc;, and subtracts this from the cor- 
responding part of the sender's message to obtain rrib. 

The 1 — n OT is a generalization of the the 1 — n with the 
assumption that the sender has n messages sorted according 
to an index % l44l . In that case, the sender want the receiver 
to know a single message among the n message while the 
receiver is interested in not revealing the index of the mes- 
sage i. This is specially important when the scenario is ap- 
plied on data retrieval that preserve the privacy of the data. 
Other variants of oblivious transfer schemes which applies 
for the distributed systems in general and LBS systems in 
specific include the following: 

• Adaptive OT 1321 : This technique differs from the 
technique mentioned above in that it can be applied 
adaptively and allow multiple execution without re- 
vealing any information exchange. 

• Dynamic OT 12411 : The dynamic OT runs over a dy- 
namic database that shrinks and grow according to the 
deletion and addition of data from or in it respectively. 

• Proxy OT ||50l : The proxy OT is very suitable for 
devices with limited computation capabilities. That 
is, the OT procedure which is known to be computa- 
tionally expensive is applied on another device with a 
strong computational capability and the final result is 
returned to the mobile device in order to be used. This 
is critical in our work as most of devices used in the 
LBS system are with a limited computational capabil- 
ities. 

The OT is the building block of the secure multi-party 
computation and used heavily in other directions for privacy 
preserving technologies in other areas including the privacy 
preserving data mining. Scenarios for applications should 
exist for applying the OT and SMC both for the privacy 
preserving LBS as well. For more details on the distributed 
OT and its security issues, please refer to detailed works 
such like ID, (33], and lfl2l (the last work details the fc-out- 
of-n OT) . 

4.3. Broadcast Authentication 

The broadcast authentication [37] has received a great 
deal of efforts in the cryptographic society along the known 



broadcast encryption technique. These efforts are motivated 
by the promising applications and great commercial impact 
of this technology. On the devices with limited capabilities, 
the broadcast authentication have been studied in the con- 
text of sensor network and basically based on the authen- 
ticating previous messages by delaying the release of their 
encryption keys as in TESLA and its variants (cf., Il25ll . l26l . 
11271 . among others). 

4.4. Aggregate signatures 

The aggregate signature [20] is a digital signature that 
supports aggregation. That is, given n signatures on n dis- 
tinct messages from n distinct users, it is possible to aggre- 
gate all these signatures into a single short signature. This 
single signature will convince the verifier that the n users 
did indeed sign the n original messages. 

The bilinear aggregate signature is an example of the ag- 
gregate signature and is based on the short signature which 
works as follows: 

• Key Generation: In this phase, public and private keys 
are generated for the specific users: (a) x <— Z p (pri- 
vate key), and (b) v «— g x (public key). 

• Signing: given x, message M G {0,1}*, compute 
h <— H(M) where h G G and a <— h x , the signa- 
ture a G G. 

• Verify: given v, M, a, compute h <— H{M) and ver- 
ify (g, v, h, a are valid DH tuples. That is, e(h, v) = 
e((T,g). For the left side, e(h,v) = e(h,g x ) = 
e(h,g) x . For the right side, e(<r,g) = e(h x ,g) = 
e(h, g) x which holds. 

The aggregate signature considers the above short signa- 
ture, n different users with n different messages, and two 
additional steps which are signature aggregation and aggre- 
gate verification. In the BLS aggregate signature for exam- 
ple |8), after performing the three steps above on each user's 
message, the user performs the following 

• Aggregation: given the signatures <j\ , . . . , a n corre- 
spond to the messages Mi, . . . , M n , compute the sig- 
nature cr <— n™=i a ii 1 — * — n - 

• Aggregate verification: given n different messages 
Mi , . . . M n and public keys V\ , . . . , v n compute hi <— 
H(vi, Mi) and then verify the aggregate signature by 
accepting if e(a, g) = Y\7=i e (^i The verifica- 
tion of this is very straightforward. Take the right 
side e(a,g) = e(fl^h?,g) = nti^f,*?) = 

n™=i e ( h i>9) x * = nt=i e i h i'9 xi ) = nr=i e (^' u i) 

which holds. 

For an interesting survey on aggregation signature tech- 
niques and schemes with applications, see Boneh's et al. 
work in JT). Examples of aggregate signatures that fit to the 
LBS include works in @[3l]|28l|4][30]], among others. 



4.5. Aggregate MAC 

The aggregate message authentication code (aggregate 
MAC) ll23l is a special kind of message authentication code 
that support MAC aggregation. The message authentication 
code, known also as keyed hash functions, are a special type 
of hash functions which are used for message authentication 
and use keys. 

An examples of existing MAC algorithms include the 
cipher-block chaining MAC (CBC-MAC) which work as 
follows: firstly, the sender divides the data x into n-bit block 
xi,X2, ■ ■ ■ ,xt- Let Ek be the encryption using the algo- 
rithm E and the key k, compute the block H t as follows: 
Hi «- E h (xx),Hi «- E k (Hi_ x © Xi ) where 2 < i < t. 
General formulation of CBC-MAC is as follows: let / 
be the underlying block cipher algorithm, k be the shared 
key among parties, the message x = x\X2 ■ ■ ■ Xt then the 
MAC is computed as f k (x) = f k (fk(- ■ ■ fk (fk (x 1 )®x 2 )® 
xt-i) © xt) 0- To verify the MAC, the receiver computes 
the MAC again over the received message and admits the 
message if his computed MAC is equal to the received MAC 
from the sender. Otherwise, he reject the received message. 

On the other hand, the aggregate MAC adds two 
functionalities: MAC aggregation and aggregate veri- 
fication ||231 . For I different users with I messages 
(a^ 1 ), . . . , x( 1 '), after generating the different MAC codes 
as f kl 1 , the aggregate MAC can be constructed 

by simply applying the XOR on the result MACs as follows: 
/agg = e f £) e _ _ _ e ^(D_ The aggregate verifi . 

cation is performed as follows: first the receiver computes 

/fei © fk 2 ® ' " ® fk compare it to the received 

yagg rphe receiver admits the messages if the result is equal 
to received one and reject if it is not equal. 

Note that the difference between the aggregate MAC and 
aggregate signatures is that aggregate MAC works in the 
symmetric key encryption model while the signature works 
in the asymmetric key encryption model. This main differ- 
ence lead to an overall difference in the operation and veri- 
fication methods. Aggregate message authentication codes, 
according to Katz et al. l23l . greatly reduce the commu- 
nication overhead and very applicable to the ad-hoc net- 
works. Since the LBS systems include many devices that 
are used in the ad-hoc network settings, we expect the ag- 
gregate MAC to be used widely in the LBS as well. The 
application scenario may include the fact that a single user 
would like to authenticate several users at once as the typ- 
ical case of cluster formation required for anonymization. 
Typically, the MAC aggregation as a mean of message au- 
thentication based on symmetric model is more preferred 
due to the limited computational resources required for it 
over the public key cryptography which is computationally 
exhausting. 



4.6. Homomorphic Encryption 

The homomorphic encryption is a form of encryption 
where one can perform a specific algebraic operation on 
the plaintext by performing this algebraic operation on the 
ciphertext |43l . Homomorphic encryption techniques in- 
clude modification of existing non-homomorphic schemes 
such like the unpadded RSA, El Gamal, Benaloh, etc. The 
most renown scheme is Paillier scheme. Details of how the 
homomorphic property is maintained including the follow- 
ing schemes. 

• Unpadded RSA Il40l : Let the public key be m and e, 

then the encryption of message x is given by E(x) = 
x e mod m which satisfy the following homomorphic 
property E(x\)E(x2) = x\x\ mod to = (xiX2) e 
mod m = E{x\X2 mod to). 

• El Gamal QjD: Let the public key bep,g,h = g a , and 
a is the secret key, then the encryption of a message 
x is E(x) = (g r ,x ■ h r ) which satisfies the follow- 
ing homomorphic property: E(xi)E(x2) = (g Tl ,xi ■ 
h^){g r \x 2 ■ h r2 ) = ( 5 ri+r2 ,(xi ■ x 2 )/i ri+r2 ) = 
E{x\X2 mod to). 

• Goldwasser Micali EH : Let the public key is the 
modulus m and base g, and the encryption of message 
E{x) = g x r m mod to 2 , then we have the following 
homomorphic property: E(b\)E{b2) = r\x hl r2X h2 = 
(rir 2 ) 2 a; bl+b2 = E(bi © b 2 ) where © is the exclusive- 
or operation. 

• Paillier scheme (35): Let the public key be tge 
modulus to and the base g, then the encryption of 
a message x is g x u r mod m which satisfies the 
following homomorphic property: E(xi)E(x2) = 
(9 ri rT){g X2 r^) = g Xl+X2 (rir 2 ) m = E(x t + x 2 
mod m) 

5. Other General Directions 

As we mentioned before, the privacy in the LBS is still a 
challenging research direction that requires a lot of innova- 
tive solutions. In this section, we summarize a set of direc- 
tions related to the aforementioned privacy architectures. 

5.1. Membership Control 

The membership control is an important directions for 
obtaining the trustworthiness in a distributed cooperative ar- 
chitecture aiming to provide privacy in LBS. Important ele- 
ments of the membership control's research can be concen- 
trated on the authentication, authorization and anonymiza- 
tion. Though these techniques are heavily studied and re- 
search in other settings, it need to be innovatively brought 
into the LBS system's field considering the different users' 
and applications' requirements and specifications. 



5.2. Performance Consideration 

The performance as an important issue not only in the 
LBS but in every system that seeks a commercial impact. 
However, in the LBS it is more critical to consider the per- 
formance since many platforms used for the LBS are basi- 
cally mobile devices with limited resources. That is, related 
costs such like the computation, communication, and mem- 
ory need to be considered for any successful design. Also, 
the privacy need to be considered as borderline when es- 
timating the cost. The scalability as well is an important 
performance criterium that need to be considered. 

5.3. Advancing the Secure Search 

Heavy and intensive works have been performed on the 
search over encrypted data H] which is a promising direc- 
tion as the LBS requires a retrival for searchable data. How- 
ever, since the LBS system mainly uses numerical data as 
an input for the location information, we expect the search- 
able encryption to be easier than general search encryption's 
case. 

5.4. The Theory and Foundations 

As a mater of fact, the definition of privacy is disputable 
|3). Not only this but several security models guaranteeing 
privacy are, in many cases, not proved to provide privacy 
meeting the different definitions. Accordingly concrete pri- 
vacy definitions are required. More precisely, research on 
the following directions would have fruitful results and im- 
pact: 

1. Expressing privacy: allow user's awareness of both 
formally defined, and realistically expressible privacy. 

2. Support various user's requirements: express privacy 
as a range of user requirements according to the oper- 
ation modes refiexing need for the privacy at the time 
and location concerned. 

3. More rules for the user: by allowing a "user defined" 
anonymization, grouping, etc, we can improve the 
adaptability of the LBS privacy. 

4. Rigid definitions: not only for the defining the privacy 
but also for defining the privacy leakage or breach. 
That is, mechanisms are required for leakage quantifi- 
cation in LBS according to different real life scenarios. 

6. Conclusion 

Location based services are promising technological di- 
rection with several interesting research problems specially 
those related to the privacy as the LBSs are directly re- 
lated to human information. To guarantee the privacy while 



providing a reasonable level of service in LBS, two ap- 
proaches are used: cryptographic and non-cryptographic. 
Non-cryptographic approaches include cloaking, blurring, 
anonymization, among many others. On the other hand, the 
cryptographic approaches are not yet investigated though 
many cryptographic components studied in other network- 
ing settings are awaiting the deployment in the LBS sys- 
tems. These cryptographic operations include mechanisms 
for secure multi party computation with extensions to the 
nature of the LBS's dynamic data and adversity, group for- 
mation (including authentication, signatures, group signa- 
tures, aggregate signatures and MAC, among others), and 
homomorphic encryption. 

This paper introduced a general survey and many works 
are to be done. First, we will investigate the applicability 
of other SMC protocols and their variations for LBS de- 
vices (such like smartphones, PDAs, etc). Second, we will 
investigate the different scenario of applications and pri- 
vacy breaches resulting from each in order to provide the 
proper cryptographic operations to limit or blocking these 
breaches. 
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